STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM May 11, 2017 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM TABLE OF CONTENTS INTRODUCTION ................................................................................................ 3 TITLE I OBJECT .............................................................................................. 11 TITLE II RECOGNITION MECHANISM ........................................................... 11 CHAPTER 2.1 ADHESION .............................................................................. 12 CHAPTER 2.2 MONITORING .......................................................................... 13 CHAPTER 2.3 VOLUNTARY ........................................................................... 14 TITLE III CORPORATE GOVERNANCE MEASURES .................................... 15 CHAPTER 3.1 TRANSPARENCY ................................................................... 15 CHAPTER 3.2 INTERNAL CONTROLS .......................................................... 22 CHAPTER 3.3 COMPOSITION OF MANAGEMENT AND FISCAL COUNCIL .. ................................................................................................................... 33 CHAPTER 3.4 COMMITMENT OF PUBLIC CONTROLLING SHAREHOLDERS ........................................................................................... 40 TITLE IV ........................................................................................................... 41 CHAPTER 4.1 GENERAL PROVISIONS ........................................................ 41 CHAPTER 4.2 DISPOSIÇÕES FINAIS ............................................................ 42 ANNEX I: LIST OF DOCUMENTS AND INFORMATION THAT MUST BE SUBBMITTED WITH THE APPLICATION FOR CERTIFICATION ................. 43 ANNEX II: APPLICATION FOR CERTIFICATION IN THE CORPORATE GOVERNANCE PROGRAM FOR SOE’S........................................................ 45 2 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM INTRODUCTION The importance of State-Owned Enterprises (SOEs) in the economy and in the history of the development of Brazil’s capital markets is undeniable as evidenced today by their significant share in the market capitalization of listed companies in the daily volume of equities traded on the Exchange, and the massive participation by retail investors in their shareholder basis. However, a troubled scenario hit the confidence of investors, particularly in publicly traded SOE’s, due to the uncertainties surrounding the management and disclosure of information, especially regarding the achievement of public interest and the strong political component of the state that make difficult the proper calculation of the investment risk. The improvement of corporate governance practices, with the view to reduce such uncertainties, provides conditions for a more rational "pricing" of securities, with important implications on reducing the cost of capital and the value creation for the companies, controllers and investors. In light of the above, B3 has developed this Corporate Governance Program for SOE’s (“Program”) with the aim of encouraging companies controlled, direct or indirectly owned by the State, in order to implement best practices in corporate governance. This initiative aims to restore trust between investors and SOE’s, relying, therefore, on the alignment of different interests. Investors, as interested in the efficient and sustainable allocation of its resources; the civil society, employees and outsourced personal of the SOE, interested in maintaining income and employment, and the entities of the state, finally, interested at the viability of investments in the public interest with capital markets funding. During its construction process, the Program adopted as fundamental assumption the proposal of concrete and objective measures, subject to 3 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM implementation in the short or medium term and independent of any legislative or regulatory changes. The Program focus on the state's role as owner and establishes guidelines applicable to federal, state and municipal government entities, commercial or public service providers, in any sector of the economy. The measures were inspired by the discussions ongoing in the Brazilian market, in international practices and positioning of experts on the subject, and are divided into four lines of action: (i) disclosure and transparency, (ii) internal control structures and practices, (iii) composition of management and Fiscal Council, and (iv) commitment of public controllers. All measures, regardless of the line of action, were addressed to the reality of SOEs, and especially to their public purpose, as expressed in the legislation authorizing their creation and establishing their corporate purpose, as provided for in Chapter XIX of Brazil’s Corporations Law (Lei das Sociedades por Ações). Nevertheless, several of these measures could be useful if implemented by listed private-sector companies. The first line of action – disclosure and transparency – aims to make clear to the public that SOEs are fulfilling their legal mission in strict compliance with the laws authorizing their creation. The measures recommended under this line of action are designed to reflect international recommendations and guidelines, especially (i) a consistent definition of the objectives of state ownership and the role of the state in managing the SOEs, and (ii) SOEs’ duty to enforce high standards of transparency by disclosing information relating to their goals and achievements. Generally speaking, although the state may pursue the public interest in exercising ownership and control functions, its objectives should be known to all other shareholders and the market. Only in this manner does the state’s future behavior become predictable, enabling (i) measurement of the implied costs deriving from the peculiarities of SOEs, (ii) identification of changes to the projects initially announced, (iii) efficient action by their governance bodies, especially the Board of Directors, Executive Committee 4 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM and Fiscal Council, and (iv) oversight of the actions of Public Controllers and management by shareholders and other stakeholders. The key point of the first line of action of the program is the improvement of information disclosed in the SOE's Reference Form. Clear prior definition of the public policies and guidelines to be followed by SOEs and the resources involved must be aligned with the multiyear plans, Budget Guidelines Law (LDO) and Annual Budget Law1 passed by Congress, and must be duly specified in the SOE’s Reference Form, repository of all its information, and therefore, its principal document2. The Brazil’s Securities and Exchange Commission also expressed concern with the subject, incorporating to the Circular Letters/CVM/SEP 02/2015, 02/2016 and 01/2017, a guidance on the general procedures to be adopted by SOE’s. In this sense addressed the issue of disclosure (i) in the Management Report, of investments made resulting from the exercise of public policies; and (ii) in the Reference Form, of the possibility and consequences of the SOE's activities to serve the public interest that justified its creation, so as the appropriate legislative authorization. By preparing the Program, B3 was concerned not only with transparency, but also with the process by which the information is produced, in order to make them 1 These laws, which are required by the Federal Constitution and state constitutions, establish respectively: (i) guidelines, goals and targets for the federal, state and city governments during a period of four years; (ii) targets and priorities for the governments concerned, including expenditure for the next financial year, and guidelines for the drafting of the annual budget law; and (iii) the investment budget for SOEs in which the respective government holds a majority of voting shares. 2Sweden, always pointed out as a reference regarding corporate governance of their SOE’s practices, adopt mechanisms to make clear the public policy objectives pursued by the SOE, especially in order to allow monitoring of the activities performed by the companies. The Swedish government sets based on the bylaws of companies, financial goals and performance indicators, in order to (i) ensure that public policies are well implemented; (ii) clarify the costs involved in the pursuit of certain public policies; and (iii) clarify the conditions for meeting financial targets. 5 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM credible. So was concerned about the establishment of internal structures of control and audit, proposing the second line of action of the Program. The second set of measures – internal control structures and practices – aims to the establishment of internal functional governance mechanisms capable of ensuring that managers do not deflect the activities of SOEs away from their proper purpose in pursuit of public policies beyond the public interest stipulated in the laws authorizing the SOE creation, and consequently in its social purpose The Program establishes that the control structure must comply with the principles of the Committee of Sponsoring Organizations of the Treadway Commission (COSO),3 recognized as a model for the development, implementation, management and evaluation of internal controls, and applied in many countries worldwide. The establishment of an effective set of rules, processes and structures enables SOEs to adapt to changes in the operating and corporate environments, reduce risk to acceptable levels and implement a solid decision-making process, assisting compliance with the guidelines determined by management to mitigate the risks relating to the pursuit of their objectives. The measures recommended by the Program require internal controls to be present in three lines of protection: (1) action by Managers and employees in daily implementation of internal controls; (2) Compliance and Risk; (3) Internal Auditing and Statutory Audit Committee. Implementation of the first line of protection affects the organization’s day-by-day activities and involves daily application of internal controls in the actions of all employees. Implementation of the second line of protection entails the creation of a Compliance & Risk Department with sufficient authority to evaluate compliance 3 Available at http://www.coso.org/guidance.htm 6 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM with the applicable legislation and regulations, and with the organization’s own internal policies and processes. The third line of protection involves the creation of a structure that should remain independent from the company’s day-by-day activities so as to be capable of assessing the effectiveness of the control structures and processes in place. To this end SOEs should set up an Internal Auditing Department and a Statutory Audit Committee (SAC). The Statutory Audit Committee assists the Board of Directors in the performance of its duties by providing it with detailed reports of its monitoring of internal auditing activities. A control structure whose composition encompasses a Statutory Audit Committee is aligned with international best practice. 14 (fourteen) of 15 (fifteen) of the world’s governance codes analyzed recommend the establishment of a SAC and the SOEs considered governance benchmarks, such as Statoil (Norway), Codelco (Chile) and Singapore Air, all have a SAC. Related-party transactions are an internal control requirement that deserves special attention. This concern is also in line with international best practice. Several exchanges have specific rules that apply to related-party transactions: NYSE and NASDAQ require analysis by an independent, body, LSE requires disclosure in a specific management report, HKEx requires analysis by shareholders not involved in such transactions, depending on the category, and TSX requires approval by the Board of Directors or shareholders not involved in a transaction.4 In addition, CVM (the Securities & Exchange Commission of Brazil) has addressed its concern with this topic in Circular Letter SEP 02/2015, which 4 Also relating to international practice, it is worth noting that Israeli law requires approval of related-party transactions by the Audit Committee, Board of Directors and general shareholder meeting. 7 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM recommends the enforcement and publication of a Related-Party Transactions Policy as well as approval of such transactions by an independent body. Analysis of related-party transactions by a special-purpose body in which independent members are a majority will ensure that transactions are (i) performed in accordance with the conditions previously established, in the SOE’s best interest and solely to serve its corporate purpose, and (ii) disclosed promptly and in detail. In addition to transparency measures and internal controls, a governance scheme applicable to SOE’s would not be complete if it did not face the question of the composition of the management of these companies, given the political risk inherent to the indications to serve on boards or in daily management of the SOE. Thus, the third line of action of the Program covers measures on the composition of the Board of Directors, Executive Board and the Fiscal Council. The SOE should have boards that can act in the interest of the company and effectively monitor the executive bodies without political interference. So, it is necessary to improve the way they perform their duties. These concerns are in line with international recommendations. The OECD’s Guidelines on Corporate Governance of State-Owned Enterprises include a specific chapter on the Board of Directors, which says (i) the Board should have the necessary authority, competencies and objectivity to guide corporate strategy and monitor managerial performance, and (ii) its members should act with integrity and be accountable for their actions. CVM has also evidenced concern with this matter, recommending (again in Circular Letter SEP 02/2015) that if the organization has a nominations committee or the equivalent, it should publish the minutes or the equivalent document from meetings at which nominees’ compliance with the Nomination Policy, is discussed. 8 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM Indeed, in the Brazilian context it is recommendable that boards’ composition encompasses a diversity of experiences, qualifications and styles. Furthermore, as recommended by the OECD, their members should have the necessary authority, experience, competencies and independence to perform their duties of strategic guidance of the business and monitoring of management’s activities, as well as, observing the fiduciary duties imposed by the regulation in force. Similarly, executive boards or committees and Fiscal Councils should be made up of qualified professionals committed to the performance of their duties. The program sets out two main components to address the issue: (i) the existence of minimum requirements for appointment of directors, Executive Management Board and members of the Fiscal Council; and (ii) assessing the adherence of candidates to the requirements set by the SOE. Furthermore, in line with international best practice, especially the OECD’s Guidelines for SOEs, the Program is concerned with effective separation between the different roles of the state and with improper direct political interference. For this reason, it recommends criteria for limiting participation in the Board of Directors by representatives of ministries or other agencies of the executive branch. It also recommends banning the appointment to boards and executive committees of representatives of regulatory authorities, statutory leaders of political parties and holders of office in the legislative branch. Moreover, considering that the Board of Directors is the main governance body in a business organization, the Program also recommends several additional measures, inspired by international practice and corporate governance codes in general, so as to ensure that boards are engaged and effective, being highlighted (i) the requirement of 30% of independent director composing the Board of Directors, (ii) the need for the institution of an evaluation process of its members and members of the Executive Board, and (iii) the implementation of culture for training managers taking office and periodically, regarding various topics (Corporate Law, Compliance, etc.). 9 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM It is also important to ensure that Managers are appropriately compensated, although the Program does not include specific measures for this purpose. Their pay and other compensation should reflect their responsibilities and the complexity of SOEs’ activities, guaranteeing alignment between their interests and the objectives of the organization. None of this can be realized without the commitment of the Public Controller, reflected in the last line of action covered by the Program which aims to encourage the federal, state or city government that controls the SOE to implement best practice in corporate governance. As part of this commitment to best practice, considering the involvement of several public agents in SOEs’ activities and their contact with information that can be considered sensitive if known to the press and public opinion generally, Public Controlling Shareholder should insert rules in the respective government’s code of conduct to prevent members of top management from mentioning any information that could affect the organization’s stock price until it has been properly and fully disclosed to the market. Thus the existing Public Ethics Committees will also be competent to take any steps required to penalize any such comments not preceded by the appropriate official disclosure, as required by CVM. The implementation of measures by the SOE will be recognized and monitored by B3, at least annually, so the program will remain permanent and actual. It is noteworthy, however, that the aforementioned recognition is based on objective criteria and implies no guarantee of the accuracy of the information provided, judgment on the quality of the SOE object or its management, as set out in the following chapter. 10 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM TITLE I OBJECT Art. 1. This Statute discipline the State-Owned Enterprise Governance Program ("Program"), establishing additional corporate governance measures to be adopted by the SOE that voluntarily adhere to it. Single paragraph. For the purpose of this Statute, the SOE is the listed company or in ongoing listing process that is controlled, directly or indirectly, by public a controller, corresponding to one of the governmental entities - Federal, State or Municipality. TITLE II RECOGNITION MECHANISM Art. 2. For the SOE to join the Program, it shall adopt the corporate governance measures included hereinafter: §1. To receive the certification mentioned above, the SOE must fully adopt all the corporate governance measures established in the Program. §2. Alternatively, the SOE can adopt the 6 (six) mandatory corporate governance measures set forth in Art. 16, II, 25, 27, 30, 32 caput and 32 §3º as well as score 48 (forty-eight) points among the corporate governance measures provided for in the Program. The SOE shall have 3 (three) years to fully implement these measures under penalty of losing the certification. 11 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM CHAPTER 2.1 ADHESION Art. 3. The SOE that wants to adhere the Program must submit an application for certification to the Issuer Regulation Department (DRE) of B3, by presenting the documents and information provided in Exhibit I of this Program. §1. At the discretion of the SOE, the request may be made confidentially or may be disclosed to the market. §2. In the event of disclosure of the application to the market, the SOE must disclose the information about the certification process provided for in Art. 7, including the timetable set out in the sole paragraph of that Article, in addition to the decision of the Chief Executive Officer of B3 in respect of the certification of the SOE. Art. 4. The DRE will assess through the documents and information submitted by the SOE, and other documents, elements or evidences, the effective adoption of the corporate governance measures established by the Program and will send the diagnostic privately to the SOE, within 20 (twenty) business days. Sole Paragraph. B3 can determine the disclosure of the documents that prove the effective adoption of the Program, with due regard to the confidentiality and the strategic interests of the SOE. Art. 5. The SOE shall have 10 (ten) business days to respond concerning the diagnosis, as from receipt thereof. Art. 6. The DRE will forward to the SOE its report and opinion about certification within 10 (ten) business days from the answer provided for in Art. 5. Art. 7. Within 5 (five) business days, counted from the receipt of the report and opinion provided for in Art. 6, the SOE must notify the DRE whether it intends to (i) proceed with the certification process; or (ii) withdraw from the certification process. 12 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM Sole Paragraph. If the SOE decides to continue in the certification process using the 3 (three) years deadline to fully adopt the measures set forth in Art. 2, §2, the SOE shall establish with the DRE, a schedule to meet these measures. Art. 8. If the SOE opts to proceed with the certification process, the DRE will submit its report, opinion and schedule as applicable, to B3’s Chief Executive Officer (CEO). Art. 9. B3’s CEO will decide whether to award the certification. The SOE will be notified of the CEO’s decision. CHAPTER 2.2 MONITORING Art. 10. The DRE will carry out periodic monitoring of the SOE’s implementation of the corporate governance measures at least on an annual basis. The DRE can recommend the withdrawal of the SOE’s certification. Sole Paragraph. The DRE will send to the SOE a notification informing the possibility of withdrawal of the certification, granting a term to the SOE submit clarifications. Art. 11. DRE reserve itself the right to modify the SOE’s certification to "under review" status, as soon as DRE becomes aware of information that could result in the withdrawal of the certification. §1. The DRE will notice the SOE informing of changes on the certification to "under review" status and will grant a period of 10 (ten) business days for clarifications. §2. The certification will remain “under review” until B3 becomes able to confirm the effectiveness of the adoption of the measures of the Program. Art. 12. After the modification of the certification to “under review”, B3 may withdraw the certification, informing the SOE the grounded justification for the withdrawal. 13 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM Sole Paragraph B3 may also withdraw the certification at any time without prior notification if: I. B3 concludes that sufficient information is not available to continue with monitoring; II. B3 concludes that the information provided by the SOE is not satisfactorily supported; and III. If the SOE does not comply with the measures of the Program. CHAPTER 2.3 VOLUNTARY Art. 13. Any SOE that has been certified may voluntarily withdraw from the Program by applying for decertification to the DRE. §1. B3 will issue the last disclosure of the certification before discontinuing its monitoring of the SOE in question. §2. The SOE shall not use the certification from the moment of withdrawal of the program. 14 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM TITLE III CORPORATE GOVERNANCE MEASURES CHAPTER 3.1 TRANSPARENCY Art. 14. The SOE shall disclose, in its website, specifically in the Investor Relations section, its internal policies, including, at least, the Nomination Policy, Disclosure Policy, Risk Management Policy, Related Party Transactions Policy, Dividends Policy as well as the Internal Regulations of their Bodies and Advisory Committees, including the Board of Directors, the Statutory Audit Committee and the Fiscal Council. §1. If the SOE does not fully adopt all the measures mentioned in this Art. 14 at the moment of certification, the compliance with this measure grants 2 (two) points. §2. Implementation of the measure described in this Art. 14 will be evaluated according to the following question: Does the company disclose on its Investor Relations website, its Internal Policies and its Internal Regulations? Compliance = Yes. Non-Compliance = No. Art. 15. The SOE’s bylaws or the Internal Regulations of the Board of Directors, Advisory Committees and Fiscal Council must establish that the SOE will disclose the minutes of the meetings when required by one of its members, except when the majority of the members decide that the disclosure will jeopardize the legitimate interests of the Company. 15 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §1. If the SOE does not fully adopt all the measures mentioned above at the moment of certification, the compliance with this measure grants 2 (two) points. §2. Implementation of the measure described in this Art. 15 will be evaluated according to the following question: Do the SOE’s bylaws or the Internal Regulations of the Board of Directors, Advisory Committees and the Fiscal Council establish the disclosure of the minutes of the meetings? Compliance = Yes. Non-Compliance = No. Art. 16. SOEs must add information on at least the following items to their Reference Form (FRe): I. Item 5.1 (b), item “iii” of FRe – Organizational structure of risk management: a) Regarding the trainings of employees about the Code of Conduct, the FRe must indicate the frequency of the trainings carried out in the previous fiscal year, as well as the attendance rate. The FRe must also indicate the frequency anticipated for the training in the current fiscal year; and b) Indicate the amount of internal and external reports related to the Code of Conduct received by the SOE in the previous fiscal year. The FRe must also indicate the improvements that were carried out in the previous fiscal year and the improvements that will be implemented by virtue of these reports. II. Item 7.1 of FRe – Description of the activities of the SOE and its subsidiaries or Item 10.8 of FRe – Business plan: c) Indicate the public interest that justified the creation of the SOE; d) describe the SOE’s actions to enforce public policies (including universalization targets), covering the governmental programs implemented in 16 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM the previous fiscal year, the governmental programs established for the current fiscal year and scheduled for implementation in the future; e) Indicate, regarding the policies established in item (a), the investments made, the costs incurred and the sources of funding involved – cash generation, transfer of public funds, including the costs and conditions of funding; f) Disclose, regarding the policies established in item (a), the estimated impacts of such activity on the financial performance of the SOE or declare that the SOE does not hold financial impact analysis of these policies; and g) indication of the price formation process and the rules governing the tariff. III. Item 10.11 of FRe – Other factors with relevant influence: disclose information on expenditure incurred for advertising, sponsorship and agreements or arrangements, as well as the criteria used to budget for such expenditure. IV. Item 12.13 (b) of FRe – Date of installation of Fiscal Council and committees: describe the relationship between the Fiscal Council and the Board of Directors, Executive Management Board and Statutory Audit Committee, specifying the number of joint meetings scheduled and held during the previous reporting period and the number of joint meetings planned for the current period. V. Item 12.12 or 12.8 of FRe – Composition of Board of Directors and Fiscal Council and professional experience of their members: include a declaration by the members of the Board of Directors, Advisory Committees, Executive Management Board and members of the Fiscal Council stating whether they are politically exposed persons (as provided for in the regulation) and detailing the reasons for this classification. VI. Item 12.12 or 12.13 of FRe – Other relevant information: a) Indicate the process of evaluation of the members of the Board of Directors and Executive Management Board, detailing frequency, procedures and criteria 17 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM for the previous and current reporting periods, and specifying whether the evaluation influences appointments or compensation. b) Describe the programs for training of members of the Board of Directors and Executive Management Board, detailing the topics covered (at least Disclosure, Code of Conduct or Integrity, Compliance, and Anticorruption Law), the frequency of trainings delivered in the previous reporting period and the proportion of participants, as well as courses planned for the current reporting period. §1. The measure described in item II above is mandatory. §2. If the SOE does not fully adopt all the measures mentioned in this Art. 16 at the moment of certification, the compliance with items I, III and VI above grants 4 (four) points. §3. If the SOE does not fully adopt all the measures mentioned in this Art. 16 at the moment of certification, the compliance with items IV and V grants 2 (two) points. §4. Implementation of the measure described in this Art. 16 will be evaluated according to the following question: Has the SOE’s Reference Form been updated in accordance with the Program? Compliance = Yes. Non-Compliance = No. Art. 17. The SOE shall disclose the candidacy of members of the Board of Directors, Advisory Committees, Executive Management Board and Fiscal Council to elective offices in the legislative and executive branches, if it occurs. 18 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §1. If the SOE does not fully adopt all the measures mentioned in this Art. 17 at the moment of certification, the compliance with this measure grants 1 (one) point. §2. Implementation of the measure described in this Art. 17 will be evaluated according to the following question: Has the SOE disclosed the candidacy of members of the Board of Directors, Advisory Committees, Executive Management Board and the Fiscal Council to elective offices in the legislative and executive branches? Compliance = Yes. Non-Compliance = No. Art. 18. Independently of any upgrade to the FRe, SOEs must publish an Annual Corporate Governance Report on their website, specifically in the Investor Relations section, until May 31 of the current year, Annual Report and Annual Corporate Governance Report, in accordance with the legislation that regulates the SOE and its subsidiaries’ bylaws, in a single document written in clear direct language, so as to guarantee direct access to the information inserted into the FRe for investors and the general public, aiming to consolidate: I. The information required in Art. 16; and II. The risks related to the State as a Public Controlling Shareholder. §1. If the SOE does not fully adopt all the measures mentioned in this Art. 18 at the moment of certification, the compliance with this measure grants 1 (one) point. §2. Implementation of the measure described in this Art 18 will be evaluated according to the following question: 19 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM Does the SOE publish an Annual Corporate Governance Report with the content required by the Program? Compliance = Yes. Non-Compliance = No. Art. 19. The SOE must detail its Disclosure Policy in accordance with the applicable laws and regulations in order to cover the following proceedings: I. Mechanisms for controlling and restriction of material information; II. Mechanisms of action of the Director of Investors Relations in case of leaking information, including procedures for communication by the Director of Investor Relations with representatives of the Public Controlling Shareholder and Regulatory Bodies, including logs recording all instances of such interaction; §1. If the SOE does not fully adopt all the measures mentioned in this Art. 19 at the moment of certification, the compliance with this measure grants 2 (two) points. §2. Implementation of the measure described in this Art. 19 will be evaluated according to the following question: Does the SOE have a Disclosure Policy covering the minimum items established in the Program? Compliance = Yes. Non-Compliance = No. Art. 20. SOEs must disclose, until July 31, an annually Integrated Report or Sustainability Report, in accordance with the Global Reporting Initiative (GRI) standard. 20 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §1. If the SOE does not fully adopt all the measures mentioned in this Art. 20 at the moment of certification, the compliance with this measure grants 1 (one) point. §2. Implementation of the measure described in this Art. 20 will be evaluated according to the following question: Does the SOE disclose an Integrated Report or a Sustainability Report in accordance with international standards? Compliance = Yes. Non-Compliance = No. 21 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM CHAPTER 3.2 INTERNAL CONTROLS Art. 21. SOEs must implement internal control structures and practices in accordance with the recommendations from COSO. §1. Internal control structures and practices must encompass three lines of defense: I. First line of defense: The actions of Managers and employees, via implementation of daily internal controls; II. Second line of defense: Compliance & Risk Department; III. Third line of defense: Internal Auditing and Statutory Audit Committee. Art. 22. For the first line of protection, mentioned in Art. 21, §1, I, above, the SOE’s bylaws must establish the segregation among the functions of the company’s administrative bodies as well as establish the decision-making powers of those bodies; §1. If the SOE does not fully adopt all the measures mentioned in this Art. 22 at the moment of certification, the compliance with this measure grants 1 (one) point. §2. Implementation of the measure described in this Art. 22 will be evaluated according to the following question: Do the Company’s bylaws establish the segregation of functions from the decision-making bodies? Compliance = Yes. Non-Compliance = No. 22 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM Art. 23. The SOE must prepare and publish a Code of Conduct or Integrity, covering, at least, the following topics: I. The SOE’s principles and values; II. Objective rules related to the duty to comply with and to know the laws and regulations, specially the legislation regarding the protection of confidential information, anticorruption, SOE’s policies and the execution of transactions that comply with market conditions, according to Art. 31, §3; III. The duties towards civil society, such as social and environmental responsibility, respect for human rights and labor relations; IV. A whistleblower channel, to receive internal and external complaints about violations of the Code, policies, laws and regulations applicable to the SOE; V. The identification of the body or department responsible for ascertaining complaints; VI. Protection mechanisms to prevent any kind of reprisal against whistleblowers who report occurrences that potentially violate the Code, policies, laws and regulations applicable to the SOE; VII. Anonymity of complaints; VIII. Penalties applicable to breach of the Code of Conduct; IX. Requirement of regular employee training on the necessity of committing to observance the Code of Conduct. §1. The Code must be applicable to all employees and Managers, regardless of function or job title. §2. The rules stipulated by the Code must be extensive to third parties, such as suppliers, service providers, intermediaries and associates. 23 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §3. All employees, contractors and other stakeholders must be widely communicated about the existence of a whistleblower channel. §4. If the SOE does not fully adopt all the measures in this Art.23 above at the moment of certification, the compliance with this measure grants 4 (four) points. §5. Implementation of the measure described in this Art. 23 will be evaluated according to the following question: Does the SOE have and publish a Code of Conduct or Integrity with the minimum content required by the Program? Is the whistleblower channel widely disclosed to the SOE’s employees and stakeholders? Compliance = Yes. Non-Compliance = No. Art. 24. In addition, for the first line of protection, employees must be familiar with the principles, values and mission of the SOE for which they work and the behavior required. §1. The SOE must hold regular training courses, at least annually, on the Code of Conduct and Integrity. §2. If the SOE does not fully adopt all the measures in this Art.24 at the moment of certification, the compliance with this measure grants 2 (two) points. §3. Implementation of the measure described in this Art. 24 will be evaluated according to the following question: Does the SOE hold regular training courses, at least annually, on the Code of Conduct or Integrity? Compliance = Yes. Non-Compliance = No. 24 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM Art. 25. Regarding the second line of protection, the SOEs must establish, in accordance with its bylaws, a Compliance, Internal Control and Risk Department with the following characteristics: I. linkage with the Chief Executive Officer and led by one director appointed in accordance to the bylaws, with independent performance; II. Budget and structure appropriate to its activities and the size of the SOE, this adequacy being confirmed by Internal Auditing and disclosed in the Reference Form; III. Ban on the accumulation of operational and financial functions. §1. The Compliance department must report directly or indirectly to the Board of Directors, through the Statutory Audit Committee, in situations when there is suspicion of involvement of the Chief Executive Officer in unlawful activities or when the Chief Executive Officer refrains from the obligation to take the necessary measures in relation to the reported situation. §2. The measure described in this Art. 25 is mandatory. §3. Implementation of the measure described in this Art. 25 will be evaluated according to the following question: Does the SOE have a Compliance & Risk Department in accordance with the Program? Compliance = Yes. Non-Compliance = No. Art. 26. Compliance, Internal Controls and Risk Department must establish, by means of policies or internal regulations, the scope of its activities and the standards to be followed by this Department, as well as the form and frequency 25 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM of its reports to the Board of Directors, the Statutory Audit Committee and the Executive Management Board, if applicable. §1. The Compliance Department shall adopt standards and proceedings aiming to secure that the SOE is in conformity with its policies, Internal Regulations, laws and regulations applicable to the SOE, as well as: I. Coordinating, defining and disseminating the standards to be followed regarding internal control, compliance and corporate risk management processes, II. Overseeing the whistleblower channel functioning, ensuring that the internal and external complaints – including anonymous complaints, complaints related to noncompliance with the Code of Conduct or acts that violates any laws or regulations applicable to the SOE – are dully received and processed. §2. The Internal Control Department shall assist the managers and employees in the conservation of an incorrupt internal control environment, so as the SOE acts efficiently and operationally effective, trusting in the accounting books, data and information, in conformity and risk based approach that also shall: I. Asses the SOE environment’s internal control; and II. Suggest and follow an action plan for adequacy any eventual noncompliance related to any mapped risk’s controls or laws and regulations applicable to the SOE; §3. The Risk Department shall contemplate internal proceedings for mapping the SOE’s risks, considering the probability and the impact over SOE’s business if such risks materialize, consolidating the evaluation, identifying the and prioritizing such risks by means of the elaboration of periodical reports. §4. If the SOE does not fully adopt all the measures in this Art.26 at the moment of certification, the compliance with this measure grants 2 (two) points. 26 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §5. Implementation of the measure described in this Art. 26 will be evaluated according to the following question: Are the functions and powers of the Compliance, Internal Controls and Risk Department set forth in Internal Policies or Internal Regulations and in accordance with the provisions of the Program? Compliance = Yes. Non-Compliance = No. Art. 27. SOEs must have an Internal Auditing Department and a Statutory Audit Committee. §1. Internal Auditing Department must: I. Be linked to the Board of Directors, either directly or via the Statutory Audit Committee; II. Be provided with a head officer protected by independence mechanisms such as, for example, dismissal only by the Board of Directors; III. Be provided with structure and sufficient budget to perform its functions with adequacy certified by the Statutory Audit Committee, in accordance with the summary report mentioned in Art. 28; IV. Be responsible for providing to the Board of Directors, Statutory Audit Committee, Executive Committee and Fiscal Council evaluation reports related to the effectiveness of the risk management and governance processes. §2. The Statutory Audit Committee must be: I. Established and with attributions in compliance with the regulations issued by CVM that set forth the registration and performance of Independent Accounting Firm in the securities market, define the directors’ and officers’ duties and liabilities of the audited entities related to the Independent Accounting Firm; 27 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM II. Be composed of majority of independent members, in accordance with the definition provided for in Art. 38 of the Program; and III. Be composed by, at least, 1 (one) Independent Director member under the definition in Art. 36 of the Program. §3. The measure described in this Art. 27 is mandatory §4. Implementation of the measure described in this Art. 27 will be evaluated according to the following question: Does the SOE have a Statutory Audit Committee and Internal Auditing Department in accordance with the Program? Compliance = Yes. Non-Compliance = No. Art. 28. SOEs must disclose jointly with the Financial Reports, a summary report of the Statutory Audit Committee, contemplating the meetings and the main issues discussed, highlighting the Committee’s recommendations to the Board of Directors. §1. If the SOE does not fully adopt all the measures in this Art. 28 at the moment of certification, the compliance with this measure grants 4 (four) points. §2. Implementation of the measure described in this Art. 28 will be evaluated according to the following question: Does the SOE publish the summary report of the Statutory Audit Committee in accordance with the Program? Compliance = Yes. Non-Compliance = No. 28 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM Art. 29. Internal control structures and practices must be aligned with a Risk Management Policy approved by the Board of Directors, ensuring that the risks relating to the SOE’s activities and markets are identified, evaluated, treated, monitored and communicated, including operational, market, liquidity, financial, credit, regulatory, strategic, reputational and socio-environmental risks, as well as concentration risk due to significant exposure to a single counterparty. §1. If the SOE does not fully adopt all the measures in this Art.28 at the moment of certification, the compliance with this measure grants 2 (two) points. §2. Implementation of the measure described in this Art. 29 will be evaluated according to the following question: Does the SOE have and publish a Risk Management Policy encompassing the content established by the Program? Compliance = Yes. Non-Compliance = No. Art. 30. SOEs must publish a Related-Party Transactions Policy. §1. The Related-Party Transactions Policy must be approved by the Board of Directors. §2. The definition of related-party transactions is the one established by CVM Deliberation 642/2010, approving Brazilian Accounting Pronouncements Committee (CPC) Technical Pronouncement CPC 05 (R1). §3. Related-party transactions must be managed in accordance with the formal procedure established by the Related-Party Transactions Policy, which must be approved by the Board of Directors, be annually revised and specify the following: 29 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM I. The criteria with which transactions must comply, such as: a) The impact of the transaction to the State, including the possible reputational risks; b) whether a transaction can be classed as being aligned with market conditions; c) the acceptable justifications for carrying out transactions that are not classified as market conditions and the need for compensatory payment; II. The proceeding to identify situations that may involve conflict of interests and the voting impediment in these situations; III. The procedure and the officers or directors responsible for identifying related parties and classifying transactions as related-party transactions; IV. Signoff authorities for approval of transactions depending on the amount involved or other materiality criteria; V. Indication of the proposed related-party transactions that are subject to the prior analysis by an independent body, which may be the Statutory Audit Committee or any other Advisory Committee to the Board of Directors provided that the Committee is composed by a majority of independent members and by an Independent Director, as defined in Art. 39 of the Program; VI. Provision for continuous annual evaluation of Related-party transactions to verify whether they should be allowed to proceed; §4. In order to related-party transactions be classified as being aligned with market conditions they must be compatible with the following principles: I. Competitiveness: service prices and conditions compatible with those practiced in market; II. Conformity: compliance with the contractual terms and responsibilities practiced by the SOE; 30 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM III. Transparency: adequate reporting of the conditions agreed-upon and their reflections in the SOE’s financial statements; IV. Fairness: establishment of mechanisms that prevent discrimination or privilege and the adoption of practices that ensure the non-utilization of insider information or business opportunities for the benefit of any employee or third party; V. Commutatively: equivalent or mutual benefits and obligations for each party. §4. The measure described in this Art. 30 is mandatory. §5. Implementation of the measure described in this Art. 30 will be evaluated according to the following question: Does the SOE have a Related-Party Transactions Policy with the minimum provisions required by the Program? Compliance = Yes. Non-Compliance = No. Art. 31. SOEs must stipulate in their bylaws, in the Internal Regulations of the Fiscal Council or in the Internal Regulations of the Statutory Audit Committee: I. Monitor and verify compliance with the Program regarding: a) disclosure; b) the Code of Conduct or Integrity; c) the criteria established by the Nominations Policy and the activities of the Nomination Committee, if there is one. 31 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM II. Periodically meetings with the Board of Directors, Executive Management Board and Statutory Audit Committee. §1. If the SOE does not fully adopt all the measures in this Art. 31 at the moment of certification, the compliance with this measure grants 2 (two) points. §2. Implementation of the measure described in this Art. 31 will be evaluated according to the following question: Do the SOE’s bylaws or the Internal Regulations of the Fiscal Council or the Statutory Audit Committee establish the responsibilities provided for by the Program? Compliance = Yes. Non-Compliance = No. 32 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM CHAPTER 3.3 COMPOSITION OF MANAGEMENT AND FISCAL COUNCIL Art. 32. The SOE's bylaws shall: I. Establish minimum requirements for the nomination and appointment of the Board of Directors, Advisory Committees, Executive Management Board and the Fiscal Council, formalizing the desired profile; or II. determine the preparation of a Nomination Policy approved by the Board of Directors covering the abovementioned requirements. §1. The minimum desirable profile, mentioned above, must specify the following, in addition to the legal requirements and guidelines issued by government: I. Minimum criteria for the Board of Directors, including diversity and complementarity of experiences; II. Minimum criteria for selection of members of the Board of Directors, members of the Executive Committee and the Fiscal Council; and III. A Ban on nomination to the Board of Directors or Executive Officers, as follows: a) Representatives of the regulatory bodies for the SOE in question, Government Ministers, Government Secretaries, Municipal Secretaries, holders of position without permanent bound to the public service, of special nature or managerial and high counseling to the public administration, statutory managers of political parties and holders of elective office in the federal, state or municipal legislative branches, whether in active service or on leave; b) Persons who acted, in the last 36 (thirty-six) months, as a member of decision- making structure of political party or in any function related to organization, structuring or realization of electoral campaigning; c) Persons who hold position in Labor Union; 33 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM d) Persons who have entered into contracts or partnerships, as supplier or buyer, requester or offeror, of goods and services of any nature, with the political- administrative entity that holds the control of the SOE or with the SOE itself in the last 3 (three) years before the appointment date; and e) Persons who have or can have, in any way, conflict of interests with the political-administrative entity that holds the control of the SOE or with the SOE itself. §2. The ban established in §1, III, above extends to relatives up to the third degree of the persons mentioned. §3. The SOEs shall provide in its bylaws or at the Nomination Policy, a profile assessment of the Head of the Intern Audit Department and the head of the Compliance, Internal and Risk Control Department. §4. The measure described in this Art. 32 is mandatory. §5. Implementation of the measure described in this Art. 32 will be evaluated according to the following question: Do the SOE’s bylaws or the Nomination Policy set forth minimum requirements, in compliance with the Program, for the nomination and appointment of the Board of Directors, Executive Management Board and members of the Fiscal Council? Do the SOE’s bylaws or the Nomination Policy set forth a profile assessment of the Head of the Compliance Department? Compliance = Yes. Non-Compliance = No. Art. 33. Adherence of the profile assessment shall be in: I. Regarding the members of the Board of Directors and Fiscal Council, it must be detailed in the document entitled Management’s Proposal drawn up for the Shareholders’ Meeting convened to elect such members; and 34 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM II. Regarding the Executive Management Board, and participants in the Advisory Committees who are not members of the Board of Directors, it must be on the minutes of the meeting of the Board of Directors to resolve on their election and nomination. §1. SOEs must set up a Statutory Committee to verify the adherence of nominees to the requirements established by the Nomination Policy or SOE’s bylaws. §2. If the SOE does not fully adopt all the measures in this Art. 33 at the moment of certification, the compliance with this measure grants 2 (two) points. §3. Minutes from meetings that discuss comprehensive verification of profile adherence must be published, including any expressions of dissent by members of the Board of Directors. §4. Implementation of the measure described in this Art. 33 will be evaluated according to the following question: Is the Statutory Committee empowered to verify adherence to nomination requirements and does the SOE publish the minutes from its meetings in accordance with the Program? Compliance = Yes. Non-Compliance = No. Art. 34. An annual assessment must be carried out: I. Of the Board of Directors, as a body; II. Of the Board of Director’s Chair, Advisory Committees, as well as an evaluation of the Board members, individually; III. Of the Executive Management Board members. 35 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §1. If the SOE does not fully adopt all the measures in this Art. 34 at the moment of certification, the compliance with this measure grants 2 (two) points. §2. Implementation of the measure described in this Art. 34 will be evaluated according to the following question: Does the SOE have an annual assessment exercise to evaluate the performance of the Board of Directors, its Chair, Advisory Committees, members of the Executive Management Board, as well as the members of each of these bodies individually? Compliance = Yes. Non-Compliance = No. Art. 35. SOEs’ bylaws must clearly state that the same person must not be Chief Executive Officer and, at the same time, Chair of the Board of Directors. §1. If the SOE does not fully adopt all the measures in this Art. 35 at the moment of certification, the compliance with this measure grants 2 (two) points. §2. Implementation of the measure described in this Art. 35 will be evaluated according to the following question: Do the SOE’s bylaws ban accumulation of functions of Chief Executive Officer and Chair of the Board of Directors? Compliance = Yes. Non-Compliance = No. Art. 36. Members of SOEs’ Boards of Directors must serve concurrent terms of at most two years, being allowed reelection. §1. If the SOE does not fully adopt all the measures in this Art. 36 at the moment of certification, the compliance with this measure grants 1 (one) points. 36 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §2. Implementation of the measure described in this Art. 36 will be evaluated according to the following question: Do the SOE’s bylaws provide for terms for the Board of Directors of at most two years, being permitted reelection? Compliance = Yes. Non-Compliance = No. Art. 37. SOEs’ bylaws must state that the Board of Directors must have between 7 (seven) and 11 (eleven) members. §1. If the SOE does not fully adopt all the measures in this Art. 37 at the moment of certification, the compliance with this measure grants 1 (one) points. §2. Implementation of the measure described in this Art. 37 will be evaluated according to the following question: Is the number of members of the SOE’s Board of Directors in line with the provisions of the Program? Compliance = Yes. Non-Compliance = No. Art. 38. At least 30% of the members of an SOE’s Board of Directors must be independent. §1. “Independent Director” is characterized as follows: I. Having, in the last 3 (three) years, no links of any nature to the SOE or its Public Controller that can compromise its independence, other than equity holdings; 37 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM II. Not being married to or related up to the third-degree of the President of Brazil, any Government Minister, any Secretary of the Public Controller or any Manager of the SOE; III. Having no links to legal entities related to persons mentioned in item II hereinabove, nor had such links in the past three years; IV. Not being now, and have not been in the past 3 (three) years, employees or executives of any of its subsidiaries or affiliates; V. Not being direct or indirect suppliers to the SOE in question or buyers of its products or services to an extent that entails loss of independence; VI. Not being employees or managers of legal entities that are offering to sell or buy products or services to or from the SOE in question to an extent that entails loss of independence; and VII. Not receiving any consideration from the SOE concerned, except the honoraria paid to board members (cash income from equity holdings are excluded from this restriction). §2. Board members elected in accordance with article 141, §§ 4 and 5, or article 239 of Brazilian Corporations Law (Lei das Sociedades por Ações) are also considered independent. §3. The qualification as Independent Director will be expressly stated in the minutes of the Shareholders’ Meeting that elects her. §4. The SOE must identify at item 12.13 of the Reference Form the link that keeps away the characterization of a member of the Board of Directors as an Independent Director. §5. If the result of applying the percentage above is a fraction, it should be (i) rounded up to the nearest whole number when the fraction is equal to or more than five-tenths (0.5) or (ii) rounded down to the nearest whole number when the fraction is less than five-tenths (0.5). 38 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM §6. If the SOE does not fully adopt all the measures in this Art. 38 at the moment of certification, the compliance with this measure grants 4 (four) points. §7. Implementation of the measure described in this Art. 38 will be evaluated according to the following question: Is the composition of the SOE’s Board of Directors in line with the provisions of the Program? Compliance = Yes. Non-Compliance = No. Art. 39. Elected Managers must participate, on taking office and annually, in specific training on corporation and capital market laws, confidentiality and disclosure, internal control (compliance and risk management) and the Code of Conduct or Integrity. Art. 40. Elected Managers must participate in integration training on key issues for the SOE concerned, within one month after taking office. Art. 41. If the SOE does not fully adopt all the measures in the Art. 39 and 40 at the moment of certification, the compliance with these measures grants 2 (two) points. Sole Paragraph. Implementation of the measure described in the Art. 39 and 40 will be evaluated according to the following question: Does the SOE submit Managers to specific training, as provided in the Program? Compliance = Yes. Non-Compliance = No. 39 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM CHAPTER 3.4 COMMITMENT OF PUBLIC CONTROLLING SHAREHOLDERS Art. 42. SOEs’ Public Controlling Shareholders must modify the list of public ethics violations in the Code of Conduct applicable to senior administrators in the federal government and its equivalent for state governments, overseen by the Public Ethics Committee, or its equivalent committee, by adding rules requiring senior administrators to: I. Keep confidential any information relating to a material act or fact to which they have privileged access due to the position they occupy until its effective disclosure to the market; and II. Report any act or fact that has knowledge to the Investor Relations Officer, which will promote its disclosure, or in the case of this omission, report to CVM. §1. If the SOE does not fully adopt all the measures in this Art. 42 at the moment of certification, the compliance with these measures grants 4 (four) points. §2. Implementation of the measure described in this Art. 42 will be evaluated according to the following question: Does the Code of Conduct, applicable to senior administrators, include rules as established by the Program? Compliance = Yes. Non-Compliance = No. 40 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM TITLE IV CHAPTER 4.1 GENERAL PROVISIONS Art. 43. The provisions of this Statute do not imply any responsibility to B3, including, but not limited to, the SOE participating in the Program, its Public Controlling Shareholders, members of the Board of Directors, Executive Management Board, members of the Fiscal Council or other Advisory Committees or any other Advisory Committees to the Board of Directors referred to in this Program, employees, nor mean that the B3 will take the defense of the interests of those who may be affected in view of: I. Abusive or unlawful acts committed by the SOE, by the shareholders, including the Public Controlling Shareholder, by the managers or members of the Fiscal Council; or II. Provision of false or misleading information, or omission of information by the SOE, by the shareholders, including the Public Controlling Shareholder, by the members of the Board of Directors, Executive Management Board, members of the Fiscal Council and employees of the SOE. Art. 44. Certification of the SOE does not characterize investment recommendation by B3 and does not imply judgment or responsibility of B3 about the quality or accuracy of any information disclosed by the SOE, the risks inherent to its activities, performance and conduct of the Public Controlling Shareholders, members of the Board of Directors, Executive Management Board, members of the Fiscal Council or any other advisory committees to the Board of Directors referred to in this Program, employees or its economic and financial situation. 41 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM CHAPTER 4.2 DISPOSIÇÕES FINAIS Art. 45. B3 may amend this Statute, regardless of manifestation from the certified SOEs. Sole Paragraph. If the amendment involves measures already provided in the Statute or creation of new measures, B3 will grant a period for adaptation according to the complexity of the measure. 42 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM ANNEX I LIST OF DOCUMENTS AND INFORMATION THAT MUST BE SUBBMITTED WITH THE APPLICATION FOR CERTIFICATION The following documents and information shall be submitted to B3’s DRE to analysis of the Application for certification: (i) Application for certification submitted to B3’s DRE, signed by the Investor Relations Officer (according to the template below); (ii) SOE’s bylaws, in an electronic file “doc” or “docx”, enable for editing, consolidated and updated, adapted to the Corporate Governance Measures set forth in the Program, along with the documents that proves the previous acceptance or homologation of the regulatory bodies for the SOE in question, if applicable; (iii) Internal Policies, Internal Regulations of the Administrative Bodies and Advisory Committees, including the Board of Directors, Statutory Auditing Committee and the Fiscal Council, as provided in Art. 14 of the Program; (iv) Reference Form updated until the date of the submission of the Application for certification, indicating the information required in Art. 16 of the Program; (v) Annual Corporate Governance Report, as provided in Art. 18 of the Program; (vi) Disclosure Policy, as provided in Art. 19 of the Program; (vii) Annually Integrated Report or Sustainability Report, as provided in Art. 20 of the Program; (viii) Code of Conduct or Integrity, as provided in Art. 23 of the Program; 43 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM (ix) Risk Management Policy, as provided in Art. 29 of the Program; (x) Related-Party Transactions Policy, as provided in Art. 30 of the Program; (xi) Nomination Policy, as provided in Art. 32 of the Program; (xii) Public Ethics Committee of the SOEs’ Public Controlling Shareholders, as provided in Art. 42 of the Program; (xiii) Other information and documents required to demonstrate the adoption of all the Corporate Governance Measures provided in the Program. The documents and information shall be addressed to B3’s Issuer Regulation Department in electronic documents (pen drive or CD-ROM) to one of the following addresses: I. Praça Antônio Prado, 48, 2nd Floor, São Paulo – SP, CEP 01010-901; or II. Rua do Mercado, 11, 2nd Floor, Centro, Rio de Janeiro – RJ, CEP 20010- 120. 44 PUBLIC INFORMATION STATE-OWNED ENTERPRISE GOVERNANCE PROGRAM ANNEX II APPLICATION FOR CERTIFICATION IN THE CORPORATE GOVERNANCE PROGRAM FOR SOE’S To B3’s Issuer Regulation Department, Dear Madam, [Company Name] (“SOE”) asks an analysis of the feasibility of certification of recognition in B3’s Corporate Governance Program for SOE’s, attaching the electronic documents and information required in Annex I of the Program. Referential Information Investors Relation Office Name The SOE, intending to be certified in the Program, declares to be aware that (i) the certification does not mean any investment recommendation y B3 and does not entail B3’s liability regarding the quality or accuracy of any information disclosed by the SOE, any inherit risks to the SOE’s business or its economic and financial situation and that (ii) the SOE is not allowed to use the certification after the untying of the Program. Respectfully submitted, ____________________________________________________ [Venue, date] ____________________________________________________ [Name and signature of the Investors Relation Officer] 45 PUBLIC INFORMATION